Kubernetes as a Service (KUB)

Kubernetes as a Service is an open-source container management platform delivered by Google. it is used to manage,
schedule and run containerized applications created by various container engines, such as Docker or rkt.

In a containerized infrastructure, applications are deployed as isolated, independent entities, the so-called containers. Containerization
has multiple benefits over the traditional deployment - faster and more efficient installation, environment consistency, portability, security.

One or more containers to be managed as a single application are grouped into 'pods' which will be running on clusters of virtual machines.

Within a cluster, one virtual machine functions as a master node consisting of a stateless API server, scheduler and controller manager.
Additionally, the master node includes an etcd key-value store for data storing in the cluster. The master node manages the workload and
provides communication within the cluster through the API server. Other virtual machines are worker nodes subordinate to the master.

Kubernetes supports RBAC (Role-Based Access Control) authorization allowing dynamic permission policies configuration using the Kubernetes API.
This authorization approach allows achieving higher security and differentiated access for users. Users can be added to groups with access
to different functions or to different workspaces. Access can be revoked or modified for a single user without changing the certificate.
For more details on RBAC authorization for Kubernetes, refer to the Kubernetes
documentation.

Have a Question?

The current page gives the general information on the service and the main workflows. However, while working with the
services, our users encounter new questions they need assistance with. The most frequently asked questions on EPAM Cloud
Services are gathered on the
Cloud Services FAQ page.
Visit the page to check whether we have a ready answer for your question.

General Concepts

The basic concepts used in Kubernetes are as follows:

Master - the main VM from which the Kubernetes environment is managed.

Node - VM on which containers are deployed and running

Cluster - a set of virtual or physical machines on which applications are running

Pod - one or several containers to be run as a single application and the related container options

Service - the functionality within the Kubernetes environment balancing the load between the pods and providing DNS names

Replication Controller - the entity setting the number of pods to be running

Networking - the service allowing to configure IP address ranges and the related settings

To start the service as a Kubernetes master, run the command with the -s (--service-name) parameter containing 'kubernetes' or 'kubernetes-master'.
To start the service as a Kubernetes worker, run the command with the -s (--service-name) parameter containing 'kubernetes-worker'.

You can activate a worker node only if a master node has already been activated in the same cluster.

If you need a new node to be added to your Kubernetes cluster, just repeat the or2-manage-service command.

To stop the service, use --deactivate and -i instance_id parameters to deactivate nodes one by one, with the Kubernetes Master
being deactivated the last.

You can start more than one Kubernetes cluster for the same project and region.

You can find the details on the VMs created during the service activation by calling the or2-describe-instances (or2din) with -S kubernetes parameter. To view the list
of the existing Kubernetes nodes and their parameters, use the or2-describe-services (or2dser) command with the -s kubernetes parameter:

or2dser -p project -r region -s kubernetes

Kubernetes Pods Management

To view the list of pods within a particular Kubernetes cluster, use the or2-kubernetes-pods (or2kp) command:

or2kp -p project -r region -cn cluster_name

The command will return the list of all Kubernetes pods within the cluster specified in the command, together with their state and start date.

Kubernetes Namespaces Management

To view the list of all namespaces (virtual clusters) within the particular physical cluster, use the or2-kubernetes-namespaces (or2kns) command:

or2kns -p project -r region -cn cluster_name

The response will contain the list of namespaces and their state.

Kubernetes Services Management

To view the list of services in the particular Kubernetes cluster, run the or2-kubernetes-services (or2ks) command:

or2ks -p project -r region -cn cluster_name

The command returns the list of Kubernetes services in the specified cluster and their types.

Kubernetes Replication Controllers Management

Replication controllers are used to run Kubernetes pods from the so-called pod templates, thus creating the specified number of identical pods.
To view the list of replication controllers in the particular Kubernetes cluster, use the or2-kubernetes-replication-controllers (or2krc) command:

or2krc -p project -r region -cn cluster_name

The command returns the list of all replication controllers used in the cluster, the pod template used for replication, the target number of replicas,
the number of currently existing replicas and the number of completed replicas.

Kubernetes Nodes Management

To view the list of nodes within the specified Kubernetes cluster, use the or2-kubernetes-nodes (or2kn) command:

or2kn -p project -r region -cn cluster_name

The command response contains the list of nodes, their state, number of pods in each node, the CPU count and the memory size.

Using the Service

When the Kubernetes service is activated, you can use it via the native command line interface, kubectl,
which is automatically available on the master virtual machine on which Kubernetes is activated.

Web UI

The Kubernetes service has a web UI which is automatically available as soon as the service is activated in the cluster.
The web UI has most of the functionality supported by the CLI in an intuitive format.

Clicking 'Deploy an App' opens the application deployment wizard helping you to set up your application either by specifying
its parameters manually or by uploading a YAML or JSON file containing the application configuration.

When the application is running, you can use the Kubernetes Dashboard to monitor its performance, debug errors and delete applications.

Kubernetes supports basic authentication using login and password. With service activation, a login and password are generated to be used for accessing the Web UI.

The login and password for each Kubernetes node can be retrieved by means of the or2-describe-services (or2dser) command:

Container Images

During Docker container management Kubernetes refers to the Docker repository where Docker container images are stored.
In the current implementation, Kubernetes supports image retrieval from the public Docker registry available at
Docker Image Library as well as from the private Docker registry.

To use an image from the private Docker registry to create a Kubernetes pod, perform the following actions:

Prerequisites:

1. Docker service activated in the EPAM-DKR region

2. Docker private registry activated in one of the EPAM regions

3. Kubernetes Master activated in the EPAM-DKR region

In the example below, a Kubernetes pod will be created on the basis of a Jenkins image from the Docker private registry. Use the same sequence with other images.

1. On the Docker VM, pull the latest Jenkins image and push it to your private Docker registry:

Troubleshooting

If the Kubernetes service is not performing as expected, you can try to identify the root cause of the issue and,
in certain cases, debug it yourself. The first step is to determine whether the issue concerns your application or your cluster.

If the application is not performing correctly, run the following kubectl commands on your master VM to diagnose the application:

Command

Description

kubectl get pods

Lists the pods included in your application with their statuses

kubectl get services

Lists the services running in your Kubernetes environment

kubectl get replicationControllers

Lists the replication controllers and the containers they have started

kubectl describe pods $ {pod_name}

Displays the status of a particular pod

If pods or replication controllers are not performing properly, the cause may be insufficient resources.
This can be resolved by adding more nodes to the cluster or terminating the pods which are no longer needed.

If the issue occurred in the Kubernetes services, check whether the service exists and if it is correctly configured.

Pricing

The Kubernetes service is available in the EPAM-DKR region, and is billed according to the VM billing in that region.
Virtual machines running in EPAM-DKR region are charged for the electricity consumption only which amounts to $33 per month.